Administration > User Accounts

Use the Administration > User Accounts page to create, edit, and delete user accounts for search appliance administrators and managers, to prevent user credentials from being saved by a browser that accesses the search appliance, and to enable strict password checking.

One administrator user account exists by default on each search appliance. This is the admin account. You cannot delete the default account. You can change the password for the admin account.

Administrators and managers have access to different search appliance functions:

• Administrators have access to all Admin Console functions, including setting up and deleting administrator and manager user accounts; creating, assigning, and deleting collections and front ends; viewing or editing network and system settings; and configuring crawl, index, and serving parameters.
• Managers have access to collections and front ends that an administrator assigned when the manager account was set up. Managers can view and edit these collections and export collection configurations. Managers cannot create or delete collections. Managers also have access to KeyMatch, Related Queries, Filters, Remove URLs, Search Logs, and Search Reports within their assigned front ends and collections. Managers can change their own search appliance passwords.

When a new account is set up, the system sends two automated email messages from the address nobody@localhost:

• One message is directed to the newly-created user. It contains the user's username and password as well as the username and email address of the administrator who created the account.
• One message is directed to the administrator who created the account, as a confirmation that the new account exists.

Before Creating User Accounts

Before you create any user accounts, click Administration > Networking Settings. Ensure that an SMTP server is enabled for sending email from the search appliance and ensure that you have correct email addresses for users you add as administrators or managers.

Creating New User Accounts

To create a new user account:

1. Click Administration > User Accounts.
2. Type the user's user name in the Username field.
   The username can contain alphanumeric characters, hyphens, and underscores, but cannot begin with a hyphen.
3. Type the user's email address in the Email Address field.
   This must be a complete address, such as bill@yourcompany.com. The welcome message that includes account information and password is sent to this email address.
4. Type the user's password in the Password field.
5. Type the password again in the Re-enter the Password field.
   If you do not enter a password, a temporary password is created. All passwords assigned at account creation should be changed by the user. If you successfully create the account, a confirmation message is displayed.
6. Select an account type.
7. If the user is a manager, select the collections and front ends that the user can edit.
   Administrators can access all collections and front ends.
8. Click Create.
9. Make sure you instruct the new administrator or manager to change the assigned password.
   

Editing Existing User Accounts

Use these instructions to edit existing user accounts.

To edit existing user accounts:

1. Click Administration > User Accounts.
2. Click the Edit link for the user whose account you are editing.
3. To change the user's password, type a new password in the Password and Re-enter Password fields.
4. To change the assigned collections or front ends, select the correct collections and front ends.
5. To change the account type, select the correct account type.
6. Click Update.

Deleting User Accounts

To delete a user account, click the Delete link on the same row as the username.

Preventing Saved User Credentials

Browsers can save user credentials to make it easier for a user to log in to a particular account.

To prevent browsers from saving user credentials for the search appliance Admin Console or Version Manager, check the checkbox at the bottom of the page and click Save.

Using Strict Password Checking

When Use strict password checking is enabled, the following policies apply to administrator and manager accounts for the Admin Console:

• Passwords changes are checked for appropriate password length, password character mix, and password reuse:
  • A minimum of 15 characters
  • Include at least one uppercase alphabetic character
  • Include at least one lowercase alphabetic character
  • Include at least one number
  • Include at least one non-alphanumeric (special) character
• Passwords are not allowed to be changed more than once every 24 hours
• After 90 days of inactivity, passwords are locked
• After three consecutive unsuccessful login attempts from the same IP within an hour, accounts are locked for one hour

To enable these policies, check the Use strict password checking checkbox and click Save.

Admin Console Idle Timout

To change default idle timeout in admin console, specify the value in minutes and click Save.

• Minimum value: 5 minutes.
• Maximum value: 60 minutes.